• Usermanagement

    2
    0 Votes
    2 Posts
    337 Views
    DaddyGoD
    @TCP-IP said in Usermanagement: adding a user in pfsense who has only this privileges: Hi, Do you mean something like that? https://docs.netgate.com/pfsense/en/latest/usermanager/group-manager.html https://www.youtube.com/watch?v=fOiJ0N2k1mM
  • Pfsense networking/hardware configuration setup

    7
    0 Votes
    7 Posts
    835 Views
    S
    Before I found Pfsense I have already hardwired my iot's. So now the only new addition has been smart switches wifi cameras. motions light and temp sensors. The issue would be wifi plus due to my current limitations the server will be in the basement if I end up setting up mesh of wireless network the cost ends up going high. This is stuff I have just lying around so I would use this plus if in the future I want to wire my house to have another network for work purposes I can run a cable to my switch is located in a convenient place.
  • 0 Votes
    6 Posts
    635 Views
    johnpozJ
    @gawainxx said in Need help setting up a script to run and log tracert and ping tests when latency and packet loss exceeds a certain point.: so it's detecting the ISP modem as the GW. Well if pfsense is having problems pinging your ISP device.. Then it's either that device, or the connection to said device.. That would have nothing to do with the actual internet connection.
  • pfSense: unable to retrieve group membership

    2
    0 Votes
    2 Posts
    450 Views
    stephenw10S
    It actually shows you that error or it just returns no groups? Do those groups exist in pfSense with identical names? Why are you running that old version of pfSense? You should upgrade when you can. Steve
  • How can I get the ntp.conf file from the NTP service?

    2
    0 Votes
    2 Posts
    411 Views
    stephenw10S
    In Diag > Command Prompt use the download field to get it from /var/etc/ntpd.conf. Steve
  • Unbound /var/unbound/root.key file is corrupt

    2
    0 Votes
    2 Posts
    972 Views
    stephenw10S
    You should not have to but you could try to manually recreate the key: https://forum.netgate.com/post/510554 Though if it was doing that immediately after the initial install I would suggest something went wrong there. Did you try just re-installing? Steve
  • 0 Votes
    4 Posts
    1k Views
    stephenw10S
    Ah, so more likely then it's not a conflict but that your ISP is handing you a technically invalid gateway that's outside the WAN subnet, which is only a single address. Fun. There is an option to allow that for providers who decide to ignore the standards. In System > Routing > Gateways edit the dhcp gateway and set 'Use non-local gateway' in the advanced section. Steve
  • WAN interface stops working every few days.

    54
    0 Votes
    54 Posts
    9k Views
    stephenw10S
    Urgh. Good luck! At least you have some sort of answer I guess. The fact existing connections stay working really makes it seem like some sort of state exhaustion. That would still have to be somewhere upstream though if pfSense is doing PPPoE, the USB router would not see those states. Steve
  • No internet access on SG-1100 with a Static Wan address.

    6
    0 Votes
    6 Posts
    1k Views
    johnpozJ
    So when you put in the sg1100 vs the other one - you actually rebooted the cable modem.. When you change devices connected to a cable modem you almost always have to power cycle them.
  • No backups in Auto Config Backups

    9
    0 Votes
    9 Posts
    753 Views
    D
    Confirmed, it seems to be fixed now. Thanks.
  • PPP doesn't automatically reconnect after LCP timeout

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S
    Ah, sorry I see that now. Hmm. Does it happen every time it loses link? Seems like it must be either specific to your provider or maybe something in the card, different firmware version? I know quite a few people are using that modem. Can you test a different cell provider? Steve
  • How to monitor your internet connection speed

    4
    0 Votes
    4 Posts
    679 Views
    johnpozJ
    There is nothing saying that could not run on a VM, or sure create a docker for it. I see nothing in that code specific to a pi.. Prob even run on pfsense, python really. The best part about that example was the sending to the outside service to track results, and use that service to know if you need to get alerted.. Since if your internet is say down, you sure are not going to get an email, etc. And they have the alerting stuff already coded to look at variables you're uploading..
  • Cannot use remote desktop? [SOLVED!]

    19
    0 Votes
    19 Posts
    20k Views
    S
    @networknut Wow! I have been struggling with this for months! This makes no sense but it bloody works. I had the same problem with OPNSense as well and logically the same rules should fix the problem in that as well.
  • How to prevent access to pfSense web and SSH console from an OPTn network

    2
    0 Votes
    2 Posts
    187 Views
    RicoR
    Sure...there are many ways to do this. Here is one in the Netgate docs: https://docs.netgate.com/pfsense/en/latest/firewall/restrict-access-to-management-interface.html -Rico
  • 0 Votes
    12 Posts
    3k Views
    G
    @johnpoz Good point
  • Cannot ssh from firewall to LAN

    21
    0 Votes
    21 Posts
    2k Views
    L
    Thanks very much for all of your help on this. I've done as you suggested and all is working as it should be now. Thank you for sticking to this topic and sorry for taking so long to get back to it. I have way too many tabs open :).
  • Open ports

    5
    0 Votes
    5 Posts
    759 Views
    johnpozJ
    @dpettigr said in Open ports: so they are using a cloud based application that needs to communicate with a piece of software installed on the machine. That loopback dns stuff pointing to 127.0.0.1.. Nothing from anywhere is going to connect to that, that is loopback, goes nowhere other than the machine itself.. Are you seeing them blocked in the pfsense firewall? Where are they blocked in the log? If something is trying to get to your public IP, you would see the traffic doing a packet capture. If you don't see it, then it's never getting to pfsense. If pfsense sees it, and the forward is not working.. You either have it setup wrong, post up your port forwarding rules. The nat and the firewall rule that would have been created. Maybe there is something above the rule on your wan that's blocking it. Like a specific pfblocker rule or something? Or something on the client, which is very common - firewall on the client, or client not pointing to pfsense as its gateway. Is it tcp or udp? You can sniff on pfsense lan side interface while trying to connect, do you see pfsense send on the traffic to the IP you port forwarded the traffic.
  • allow LAN clients to "see" OPT1 printer

    13
    0 Votes
    13 Posts
    1k Views
    A
    @trombone said in allow LAN clients to "see" OPT1 printer: @akuma1x I like that idea! Now if my boss would come up with eight times $150. Give us the phone number, we'll give him/her a call... :) LOL
  • Issue with the ability to ping

    9
    0 Votes
    9 Posts
    803 Views
    johnpozJ
    In the resolver gui.. Go to the options box and put in the private-domain I showed above. Or if you want it to all stay local and not actually send forwards or queries upstream.. Set it to redirect
        server:
        local-zone: "powerdmslocal.com" redirect
        local-data: "powerdmslocal.com 3600 IN A 127.0.0.1"
    The private-domain is the cleaner option in this case, since that resolves on the public that way
  • Port 443 timeout using Netcat but is working in browser

    20
    0 Votes
    20 Posts
    4k Views
    johnpozJ
    @Frogg said in Port 443 timeout using Netcat but is working in browser: Forwarder & Resolver (Now changed to enabled) was disabled
    Huh? You can not use both at the same time.. You run into a race condition.. Which one are you using? Place your host override in the one you're using.. They both allow for overrides. Do a directed query to pfsense to validate it returns your records you put in host override..
        C:\>dig @192.168.9.253 ahost.domain.tld
        ; <<>> DiG 9.16.6 <<>> @192.168.9.253 ahost.domain.tld
        ; (1 server found)
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8719
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ;; QUESTION SECTION:
        ;ahost.domain.tld. IN A
        ;; ANSWER SECTION:
        ahost.domain.tld. 3600 IN A 192.168.1.4
        ;; Query time: 0 msec
        ;; SERVER: 192.168.9.253#53(192.168.9.253)
        ;; WHEN: Tue Sep 08 13:40:59 Central Daylight Time 2020
        ;; MSG SIZE rcvd: 61
        C:\>nslookup
        Default Server: pi-hole.local.lan
        Address: 192.168.3.10
        > server 192.168.9.253
        Default Server: sg4860.local.lan
        Address: 192.168.9.253
        > ahost.domain.tld
        Server: sg4860.local.lan
        Address: 192.168.9.253
        Name: ahost.domain.tld
        Address: 192.168.1.4
    Pfsense in my case is 192.168.9.253
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.